IP Numbers

I thought that IPv4 technically already was exhausted. RIPE announced that they had begun issuing their very last block 2 years ago ... http://www.ripe.net/internet-coordination/ipv4-exhaustion

The internet has delayed the end of IPv4 through turnover and trading of existing allocated address spaces, and of course NAT.

I'm surprised to see that there are still 15 million IPv4 addresses left in the unallocated pool ... http://www.ripe.net/internet-coordination/ipv4-exhaustion/ipv4-available-pool-graph ... which has actually _increased_ in recent weeks!

Tornado season has begun

"The wail of a tornado siren is something most Iowans have heard, as Iowa is smack dab in the middle of “Tornado Alley” — a hotbed of several Midwestern states comprising a notoriously deadly tornado zone."

@Why need stations at all?

"Why are people so averse to charging their cars overnight at their own home? "

If you actually bother to think beyond your own closed existence, you'll realise pretty quickly that that's impossible for the majority of urban car owners. Fine for the rural driver but not most city drivers who would benefit most from battery technology.

For example, in my building, which is a very common layout, there are four flats over three floors. At least one of those flats is entirely on the rear of the building so that guy has no access to his own power supply. Even if you implement some kind of kerb mounted token operated charging socket, there is still only room on the road outside the building to park slightly less than two cars nose to tail. You would end up taking pot luck who got a turn at charging up each night!

Look, it's a total non-starter - DO MORE RESEARCH INTO FUEL CELLS! (Which don't necessarily need to use Hydrogen as the catalyst by the way, although it's about the least noxious substance you could choose. Alcohol works as well as does Chlorine)

@John + Anon

"Telehouse charge a fixed rental rate for a rack irrespective of power consumption."

NOT ANY MORE!!

I just received my first £200 'excess power usage' bill from Telehouse. I'm in the Metro site, which I believe is slightly more relaxed than docklands. That's blown all my budgets right out the window, and has actually put the entire future of my small colo operation into question.

@Edward Pearson

"This article draws attentions to absolutely fuck all."

Even taking into account the slightly dubious nature of the extrapolated numbers in the report, it still highlights a real security issue - I find myself completely astonished at you guys' dismissive attitudes.

You must either have real short memories, or just have your heads in the sand - have you completely forgotten about the SQL Slammer worm and what havoc that wreaked...?

Close to home...

Crikey, I've been through that airport twice in the last week. Maybe this story perhaps explains the large number of uniformed bodies for such a (relatively) small airport which struck me as kinda odd as we entered Canadian territory for the first time. Or is that normal for North America?

@DENY ALL

Of course.

"Firewalling 101": when you build a new ruleset, start with the 'deny all' rule, then insert the rules you need to allow valid connections.

Lack of a DENY ALL rule in a lot of firewalls was why the SQL Slammer worm did so well. Oh, that and the old shortcut of running the supporting dataserver on the same box as the webserver, listening on all interfaces ... duh.

The eBay crew are clearly big enough to have their dataservers on entirely separate infrastructure, but guys like Kevin Mitnick demonstrate all the time that the smallest weakness in the webserving components of a company network can let a guy access the (often) less well secured internal network where he can wander around almost at will. Articles written about eBay over this year sounded a lot like this was happening to them ...
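The 'deny all, then allow what you need' advice in the comment above, as an added example that is not from the original poster: a small first-match / last-match packet-filter evaluator run over constructed sample traffic. The Packet and Rule classes, the rulesets and the evaluator are hypothetical simplifications written for this illustration, not any real firewall's syntax; source addresses are from the 198.51.100.0/24 documentation range, and 1434/udp is the MS SQL Server Resolution Service port that SQL Slammer hit.

```python
from dataclasses import dataclass
from typing import Optional

# Constructed sample traffic, not captured data. Sources are in the
# 198.51.100.0/24 documentation range; 1434/udp is the MS SQL Server
# Resolution Service port that SQL Slammer hit.
@dataclass(frozen=True)
class Packet:
    src: str
    proto: str   # "tcp" or "udp"
    dport: int

@dataclass(frozen=True)
class Rule:
    action: str                  # "allow" or "deny"
    proto: Optional[str] = None  # None matches any protocol
    dport: Optional[int] = None  # None matches any destination port

    def matches(self, pkt: Packet) -> bool:
        return (self.proto in (None, pkt.proto)
                and self.dport in (None, pkt.dport))

def evaluate(rules, pkt, first_match, default="allow"):
    """Return the verdict for one packet.

    first_match=True  : the first matching rule decides (iptables/ipfw style,
                        or pf with 'quick'); a packet matching no rule falls
                        through to `default`, i.e. the chain policy.
    first_match=False : the last matching rule decides (plain pf style), so
                        a catch-all deny placed first is overridden only by
                        the specific allows that follow it.
    """
    verdict = default
    for rule in rules:
        if rule.matches(pkt):
            if first_match:
                return rule.action
            verdict = rule.action
    return verdict

SAMPLE_TRAFFIC = [
    Packet("198.51.100.7", "tcp", 80),    # web
    Packet("198.51.100.7", "tcp", 443),   # web, TLS
    Packet("198.51.100.9", "udp", 1434),  # SQL Server resolution (Slammer)
    Packet("198.51.100.9", "tcp", 1433),  # SQL Server
]

def audit(rules, first_match, default="allow"):
    """Map each sample packet's (proto, port) to the verdict the ruleset gives it."""
    return {(p.proto, p.dport): evaluate(rules, p, first_match, default)
            for p in SAMPLE_TRAFFIC}

def exposed_ports(rules, first_match, default="allow"):
    """Sorted list of (proto, port) pairs the ruleset lets through."""
    return sorted(k for k, v in audit(rules, first_match, default).items()
                  if v == "allow")

# The common mistake: only allow rules, nothing closes the door.
ALLOW_ONLY = [Rule("allow", "tcp", 80), Rule("allow", "tcp", 443)]

# 'Firewalling 101' as written, for a last-match engine: deny all first,
# then the allows.
DENY_FIRST = [Rule("deny")] + ALLOW_ONLY

# The same policy for a first-match engine: allows first, catch-all deny
# last (or equivalently keep ALLOW_ONLY and set the default policy to deny).
DENY_LAST = ALLOW_ONLY + [Rule("deny")]

if __name__ == "__main__":
    print("allow-only, default allow :", exposed_ports(ALLOW_ONLY, True))
    print("deny first, last match    :", exposed_ports(DENY_FIRST, False))
    print("deny last, first match    :", exposed_ports(DENY_LAST, True))
    print("deny first, FIRST match   :", exposed_ports(DENY_FIRST, True))
```

The allow-only ruleset on a default-allow engine lets 1434/udp and 1433/tcp straight through, which is the gap the comment describes. The one caveat worth keeping in mind is where the catch-all goes: on a last-match engine (plain pf) it goes first, exactly as the comment says; on a first-match engine (iptables, ipfw, pf with `quick`) a leading deny-all blocks the web ports too, so there the deny is the chain's default policy or the final rule.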

@Windows Fanboy & Anon Coward

"Properly patched, secured and maintained windows boxes are no less secure than unix boxes"

Utter bollocks.

Windows webservers are usually running IIS, which when I last looked, runs at least partly in kernel-mode. As a result, when cracked the hacker gets full control of the machine. Do some research on the defacing scoreboard sites and see who they are hitting.

Well done for leaping to stupid conclusions like "another uninformed Nix fanboy with clearly no actual experience of running a large scale hosting operation on Windows (or Unix probably)" ... because in fact my previous job was supporting a farm of windows and redhat servers at a big London web design house.

Are you quite done with the "arrogant" and "fanboy" remarks? I think you've done a good job of making yourself sound like a simple-minded windows admin in the process - blaming PHP security flaws on Unix is pretty fucking dumb, since it runs on top of most webservers regardless of platform.

If you're going to label people - get it right: I'm an OpenBSD "fanboy" if anything.

@Anon Coward - yes people DO still use "drivel" like "internet facing platforms" because a lot of companies out there DO still put windows boxes on the 'net with no firewall, and a surprising proportion of those who do bother with firewalls don't seem to know to put 'DENY ALL' as the first rule.

The point I obviously failed to make is that eBay has had big security problems for the last few years, with apparently someone inside their systems running admin level hacks at will. If the site is using URLs containing ".dll" then it's almost certainly running a MS webserver ... a quick check suggests that guess was right:

http://toolbar.netcraft.com/site_report?url=http://www.ebay.co.uk

Clearly someone out there likes Microsoft though, as they're catching up in the webserver market:

@Property

...actually a domain is more akin to a mailbox than 'real estate'. All it does is point people to where your actual real estate is, or in the more simplified cases, provides a route for information to be directed to you.

I completely agree with the majority of comments above - as an email/web hosting provider I frequently use whois for a multitude of reasons. There definitely needs to be a certain amount of information about the registrant available. There is no point having a record which identifies only the technical contact - that's often a dead-end in the case of dubious domains. I think I disagree about 'private individuals' - as spammers and fraudsters are not all that often companies or organisations.

@Dan

You clearly haven't thought about the actual problem which has been solved. Go back to sleep.

The 'experts' will only have had a low-res lossy compressed image format (i.e. jpg) pulled off the 'net to work with. Since the swirl transform was more than likely generated from the full-res original image, a large amount of the data needed to reverse the process will have been thrown away in the reduction/compression process when converting to jpg, making the reconstruction process several times more difficult.

I'm guessing they will have had to run some fairly complex interpolation to reconstruct as close as possible the high-res image in order to get more than a smudge out of the reverse-transform process.

If you disagree, you'll find an example here: http://www.theregister.co.uk/2007/10/08/interpol_unscrambled/ ... have a go yourself and see.

@Rubbish Box

The service is generally excellent - no outages that I've noticed on my connection which is in use 24/7 - and the price has recently been dramatically cut too.

Still, the default SpeedTouch unit is a hunk of crap. I'll be ordering a decent ADSL2+ modem fairly shortly myself.

Why would you go with NetGear though, that's almost as bad! The wireless works perfectly on mine - I've given my downstairs neighbour a WPA2 key for it - he can access it no problem and gets good speeds despite loads of solid stuff (including a metal filing cabinet) between him and the access point. I reckon if you're having wireless issues, changing to a NetGear device will be throwing your money away.

Alarmist Comments

> He added that scientific consensus held that that kind of sea level
> rise would be possible if Greenland's ice melted, but that that melt
> would happen "after, and over, millennia".

How is a documentary comment about sea level rises related to ice melt 'alarmist'? It's *happening* for chrisakes. It's happening *now*. It is a *fact* that coastal regions are suffering unprecedented erosion due to higher sea levels, and it's also a *fact* that there are smaller islands which have begun disappearing under the waves. We just don't tend to hear about this stuff because only poor people live in these places.

Never mind the quality, it's still a result!

Don't forget that the original photo was probably run through the filter and *then* compressed to significantly lower-res web quality - therefore losing a large proportion of the original data. The reversal job would have had to do an enormous amount of interpolation - thus the imperfect result.

As someone's already mentioned - the end result is a perfectly recognisable mugshot. Well done to them - now they can get out there and nail the sick piece of sh*t.
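The point made in both this comment and the earlier "@Dan" one, that a swirl applied at full resolution is far harder to reverse from a low-res lossy copy, as an added example that is not from the original poster: a pure-Python swirl filter (polar rotation proportional to radius, nearest-neighbour lookup) applied to a constructed synthetic image, then undone once from the full-res swirled image and once from a degraded copy. The image, the swirl formula and the block-averaging stand-in for JPEG/downsizing loss are all simplifying assumptions made for this illustration.

```python
import math

def make_image(size=48):
    """Synthetic greyscale 'photo' (constructed, not a real image): a
    horizontal gradient with an inverted square in the middle. Values 0..255."""
    img = [[0] * size for _ in range(size)]
    lo, hi = size // 3, 2 * size // 3
    for y in range(size):
        for x in range(size):
            v = (x * 255) // (size - 1)
            if lo <= x < hi and lo <= y < hi:
                v = 255 - v
            img[y][x] = v
    return img

def swirl(img, strength):
    """Rotate each pixel about the centre by an angle proportional to its
    radius, sampling the source with nearest-neighbour lookup the way a
    simple image-editor filter does. swirl(x, -s) undoes swirl(x, s) only
    up to the rounding of each lookup, which already loses some data."""
    size = len(img)
    c = (size - 1) / 2.0
    out = [[0] * size for _ in range(size)]
    for y in range(size):
        for x in range(size):
            dx, dy = x - c, y - c
            r = math.hypot(dx, dy)
            theta = math.atan2(dy, dx) + strength * r / size
            sx = int(round(c + r * math.cos(theta)))
            sy = int(round(c + r * math.sin(theta)))
            if 0 <= sx < size and 0 <= sy < size:
                out[y][x] = img[sy][sx]
    return out

def degrade(img, factor=2):
    """Model the low-res web copy (assumption: block averaging stands in for
    downsizing plus lossy compression): average each factor x factor block
    and blow it back up. Detail inside each block is gone for good."""
    size = len(img)
    out = [[0] * size for _ in range(size)]
    for by in range(0, size, factor):
        for bx in range(0, size, factor):
            ys = range(by, min(by + factor, size))
            xs = range(bx, min(bx + factor, size))
            mean = sum(img[y][x] for y in ys for x in xs) // (len(ys) * len(xs))
            for y in ys:
                for x in xs:
                    out[y][x] = mean
    return out

def mean_abs_error(a, b):
    """Average per-pixel absolute difference between two same-sized images."""
    size = len(a)
    return sum(abs(a[y][x] - b[y][x])
               for y in range(size) for x in range(size)) / (size * size)

def reconstruction_errors(strength=6.0, size=48):
    """Return (error when unswirling the full-res swirled image,
               error when unswirling a degraded web copy of it)."""
    original = make_image(size)
    published_full_res = swirl(original, strength)
    from_full_res = swirl(published_full_res, -strength)
    from_web_copy = swirl(degrade(published_full_res), -strength)
    return (mean_abs_error(original, from_full_res),
            mean_abs_error(original, from_web_copy))

if __name__ == "__main__":
    direct, degraded = reconstruction_errors()
    print("mean error, unswirled from full-res :", round(direct, 2))
    print("mean error, unswirled from web copy :", round(degraded, 2))
```

Even the full-res round trip is not exact, because each nearest-neighbour lookup rounds to a pixel; the degraded copy adds the detail thrown away inside every averaged block on top of that, and the reconstruction error goes up accordingly. Any real recovery from a web-sized JPEG has to interpolate across that missing detail, which is why the result is a recognisable face rather than a clean photograph.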

@Fraser

"I also just don't see any advantage of gathering the data in this way."

I personally cannot see why 'data' has to be gathered in the first place!! I have not seen or heard of one single sound justification for this.

It is simply a case of unscrupulous sales and marketing people targeting the education sector because they have found a dodge for tapping into schools' purchasing budgets. It is exactly the same with the ID cards scheme - they are quite clearly inventing half-baked justifications for this in order to get their hands on taxpayers' money, through a side door which is supposedly guarded by MPs, but several of those same MPs are on the boards of the tech companies themselves.

If an offence was committed, who was the victim?

I'd love to know who exactly was the 'victim' of this bloke's supposed crime. If he's being charged with unauthorised use of a network, how did these 'PCSO' goons determine that his network access was in fact unauthorised?

Presumably the wardriving geek dropped himself in it when questioned - I can't see any other way that this could stick legally.

Code vs Data

"Who cares about the Wikipedia code"

Well actually a lot of people. Just because one particular instance of the WikiMedia engine powers the joke that is Wikipedia, doesn't mean it's a shite piece of software - I've just built a departmental documentation repository on it, and it's become a damned useful tool!

I think that highlights the folly of Tim's ideal of ignoring code in favour of data. Although it has to be said that the reverse is not true either - both have to be taken into account in equal measures to ensure any kind of long term success.

The Open Source argument seeks to protect developers ability to truly innovate - I believe the ongoing arguments surrounding GPL are merely part of the process of evolution toward a better way of creating software than the traditional proprietary closed source model. For that reason I agree with Brad - a revised BSD license would be welcome.

@A J Stiles

Similarly, simply installing the 'adblock' extension in Firefox does a pretty reasonable job of enabling you to read content sans advertising ... without the hassle of having to set up and maintain a proxy server.

Positive Contribution

"it suggests that those organisations that are more culturally switched on to good IT management practice seem to be saying that Vista has a positive contribution to make."

What a crock.

This comment simply reinforces the point that people who muck about with statistics can make them 'prove' any conclusion they want to.

To me, all your statistics are saying is that the more 'formal' IT departments are more likely to go forward with upgrades in the short term.

As for why this might be, my opinion is that these types of department are more likely to plan this activity and be able to allocate the resources needed to run the project. More importantly, they are almost certainly more integrated into the upper levels of the company management reporting structure - which means they will find it easier to get signoff from the related business management streams to spend the money!

As usual, there is no doubt in my mind that upgrades are primarily driven by companies on M$ support agreements being coerced by EOL of their existing products - requiring them to buy licenses for the same software again and again.

Nice Idea, but...

I'd like to see this succeed - not just for mobiles, but more generically for the myriad of gadgets we usually see clusters of plug-in adapters powering (wasting loads of energy through conversion to heat...).

Mind you, I recently purchased a 'Freeloader' - a solar powered device designed with the same intentions (powers mobiles, ipods etc apparently), and discovered with major disappointment that it is utterly unfit for purpose. It produced 30secs worth of charge to my Nokia after 2 days in the blazing sun while out camping recently.

Reasonable Times??

"Private courier firms at least make an effort to deliver at more reasonable times."

That is the biggest load of BS I've heard all month.

I have yet to deal with a freight company which will give you any estimate of delivery time within one day, or which delivers outside of 9-5 mon to fri. I am intimately familiar with the hard to find Citylink Cricklewood depot as a result. (Not to mention UPS in Kentish Town and FedEx in Enfield)

I am sick to death of having to drive to pick up parcels I have been charged a fortune to have delivered - and then there is the customer service - I have wasted literally days of my life trying to get through to freight company customer service lines.

'White Label' package...

Could this be rebadged version of one of the various popular open source PHP based webmail interfaces? (ie Horde/Squirrelmail)

I'm running Squirrelmail on my FreeBSD box, and the port security auditing has been squealing about 'multiple' vulnerabilities in PHP4.x for weeks now. Nothing to be done about it though because Squirrelmail doesn't run under PHP5 and there doesn't seem to be a patch for the vulnerability(ies).

In the meantime I'm trying to find a decent alternative Webmail client.

Here we go again ...

According to the chief marketing officer of Barclaycard, this contactless hybrid credit card "has all the security and flexibility of a full service credit card."

Um, actually no it doesn't - and I don't think anyone has seriously thought about this. Although it has "chip and pin" validation just like a regular card, the card is contactless, which means that it can be read by a near-proximity radio transmitter/receiver. Regular cards require that they be physically inserted into a reader.

Oyster cards need to be 'touched' in/out at the train station - but this is merely because the gate readers have their sensitivity tuned for that application. A rogue reader can of course have its transmit power cranked up, which will allow it to access cards within a metre or two in the same way as the RFID passport crack recently documented by El Reg.

Given the above, just imagine how easy it would be for a fraudster to carry a hidden card reader in their shoulder bag/briefcase on a train attached to a laptop programmed to detect nearby cards and brute-force crunch the pin number of any card it located. Remember that "offline" chip and pin readers are common in situations such as market stalls - this kind of scenario could be trivially exploited so that you could find yourself having unknowingly made purchases on your Oyster/Visa while reading your paper on your morning commute.

None of this was any real issue when you could only use the card to buy a £2 tube journey. Now that the scope has been expanded to include other goods and services - it will immediately begin to attract the interest of those who would abuse the system for illicit gain. I sincerely hope the transaction amount will be strictly limited, but knowing Barclays record on combatting fraud I doubt it.

IP Density

"Bringing up the rear are the luddites of Antarctica, with a pathetic 15,620 IP addresses, 0.001 per cent of the world total."

Sure that's a minute fraction of the global allocation, but according to "http://www.indexmundi.com/antarctica/population.html", Antarctica has a "peak summer population" of "3,822 total" which means that there are more than 4 IP addresses assigned for every man and woman on the continent! Not all that surprising though when you consider the place is populated solely by techie scientists...

Unruly Behaviour

Airport Metal Detector

Duh!

The airport metal detector will still flag up an alert for your concealed knife even if you had painted it a cute soft pink colour(*) and tied a pretty bow around the handle ... can't say the same for this 'heuristic' method.

(*) which *is* spelled correctly thank you!

Oh, and for the bod who couldn't resist the good old line about there being 'hardly any Linux users', sorry mate but by using this forum you're actually one of them:

www.theregister.co.uk = Apache/2.0.54 (Debian GNU/Linux)

(http://uptime.netcraft.com/up/graph?site=www.theregister.co.uk)

The pro-microsoft crowd tend to overlook that a large chunk of the sprawling internet is powered by Linux and BSD, which ought to make it an ideal target for attack when there are rich pickings to be had from all kinds of fraud and extortion related angles (credit card data theft, user impersonation, malware distribution, ...)

cross-platform vulnerability

I agree with Scott ...

... This contest seems to have simply proven what I've suspected for some time - Java and Javascript are a cross-platform weakness which is exposing the more secure systems to abuse in ways they are not natively vulnerable. I think this ties in with the comment that 95% of exploits are application based...

Windows Admin

Have you guys actually tried to use a Windows machine in a non-admin context?

As a seasoned Unix admin, I've tried many times to use the same working methods on my 'doze machine as I do with my 'nix boxes, but every time I run into the brick wall known as the registry. A lot of applications either break or malfunction in strange ways if registry write access is denied (which seems to be the case even with 'Power Users' membership).

This is because Windows software authors tend to write their applications to store user preferences and settings in the registry - requiring write (therefore privileged) access to the system central repository, where a Unix software author would write the same data to a user-specific config file, requiring nothing more than the users own profile permissions...

...maybe even...

ISP Migration

Damn, I was just about to sign up with Be for my business broadband too!

What's the story, is the vulnerability in the ISP-supplied router? I always use and maintain my own router, so that won't be a problem, however the ethical side of it worries me a bit...

This does remind me strongly of several years ago when I bought a Zyxel broadband modem/router, and it transpired that they were being shipped with permissive packet filters on the WAN side which left Telnet/FTP/HTTP ports open to the 'net, giving direct external access to the router management facilities. Most people didn't know to change the admin password from, you guessed it, '1234', so people's supposedly secure routers were being easily hacked from the 'net. Zyxel took quite a while to patch that little problem.

Citizen Militia

...Such an absurdly outdated concept, which in many of the preceding comments is clearly still clung to fervently by pro-gun Americans as justification for personal gun ownership.

Anyone who actually thought about that for even a minute would realise that over the last 50 years, all you dutiful employees of Lockheed Martin, Boeing, Carlyle Group and many other huge companies have been working hard to provide the increasingly imperialist US government with all the tools it needs to crush a citizen uprising effortlessly.

In reply to the post claiming that UK gun crime is now worse than it ever was before the handgun ban was introduced, I'd like that author to consider that point from another angle - Who is perpetrating the majority of high-profile gun crime in the UK these days? I'll tell you - mainly young black kids affiliated with the increasing numbers of gangs, who have bought the whole US style glamourised "guns are power" thing. These kids think that "packing heat" is the way to get "respect", and that "popping a cap in yaw ass" is the way to settle an issue thanks to the twisted values being sold to them by America through exported culture.

Availability of guns

"But if someone gets jilted, he won't have a gun on hand"

You've overlooked the fact that in the UK - where handguns are banned - it is still possible to 'go around the corner' in parts of South London (according to a local resident interviewed on the news the other night) and buy a gun.

We all go on and on about 'banning' guns (ie stopping individuals from legitimately owning them)...

... but NO-ONE ever talks about stopping companies from making them, or stopping the arms dealers from selling them. The politicians will never go there because these companies have so much influence over them, and innocent people will continue to die on the streets.

I once went on an anti-arms protest outside the 'international arms fair' in the docklands, and no matter how peaceful the event was the metropolitan police 'special group' thugs were still sent in to kick the sh*t out of us.

Insecure by Design

Paul Anderson brings up the common argument used to explain why windows is the primary target for malware authors. Sadly this is little more than denial that Microsoft software does have some serious issues.

(Yes windows is certainly the most common desktop operating system, but it definitely doesn't have 95% of the server market!)

One undeniable reason there are so many exploits for Windows is that it is so easy to create them - and that is simply down to its insecure design. Until Vista, Windows simply didn't have the same process memory protection and [effective] privilege based safeguards which are built into other OS's from the ground up. I even read recently that IIS was coded to share *kernel* memory space in an effort to get it to perform on par with *nix based webservers. No wonder script kiddies can walk into most IIS hosted websites - any flaw in the webserver software can be used to gain control of the entire machine it's running on.

Not really renewable

Um, no - Geothermal sources are not exactly renewable.

Although at first look it might sound like a limitless free source of energy provided by good ol' mother earth, electricity is usually generated by pumping water deep into earth heated by geothermal activity and tapping the resulting steam in the same way as coal-fired or nuclear power.

The problem with this is, the longer the source is 'tapped' in this way and the more load you put on the system, it tends to start cooling the geothermal source over time ... this effect has long been noticeable in the town of Rotorua in New Zealand where private dwellings commonly use geothermal sources for heating, in addition to the electricity generation utility. Nearby tourist sites such as Geysers over recent decades have significantly reduced in power and frequency of activity as a result.

Mass Destruction

I wonder if its worthwhile reminding those who continue to bang the 'Saddam the War Criminal' drum of a few salient points:

Within not too many years of Saddam's killing of a few thousand Kurds with chemical weapons (1988) - Rival Rwandan tribal militias committed genocide of over a million of their fellow countrymen with knives, clubs and an outdated collection of handguns and automatic weapons (1994).

Despite this, no intervention of any kind was attempted by western governments in Rwanda.

These same governments went on to pursue Saddam to his destruction as he had apparently committed crimes against humanity through use of WMD against his own people.

Put into context, WMD appears to be a tool of the political arena, rather than the military.

Microsoft 0wn3s those who Do sell pcs.

No M$ doesn't make or sell PCs - it doesn't have to because it has every manufacturer and fabricator who does by the balls through their evil licensing schemes. PC fabricators basically must dance to the M$ tune if they want to sell machines which run windows because they are bound by the M$ licence agreements.

The best bit is that they have to pay M$ a windows fee for every machine they sell even if it doesn't have windows on it. Why do you think Dell was so reluctant to sell Linux machines - they would have been losing the equivalent of the windows fee on every Linux machine which went out the door, worse because the customer doesn't pay anything for the copy of Linux.

Open your eyes - how do you think M$ makes *billions* - how do you think they got to be a monopoly with their unreliable substandard software?

Another response to Steve Roper

You gotta be kidding. The whole point of golf courses is that they comprise acres of expensively manicured grass which *doesn't* have trees on it. Of course some have pitiful clusters of trees around them, but that doesn't exactly make a productive carbon 'sink'.

As for the 'VERY LOUD' wind farms - have you actually seen one? The enormous wind farm on Gran Canaria for example is virtually inaudible when we visit a relative who lives nearby.

What I can't figure is, how come every time a company looks at doing a project like this - they always seem to decide from the outset that they're going to do it right where someone else has a conflicting interest. Whatever happened to the 'planning' stage in project management?

Asleep at the wheel?

You can see why LU has had a sense of humour failure over this ... they've been caught asleep at the wheel. Again.

The video clearly shows one of their employees only a few metres away to the left of the barriers, who is oblivious of someone stopping at the top of the escalators holding a pair of skis, who is there long enough to check for the all-clear from his mates and clip himself into the skis before commencing the stunt.

Just goes to show that relying on CCTV for security means you are only able to helplessly watch on a monitor as events unfold. The kind of stuff you really want to prevent happening in the first place is usually over long before you can despatch someone from the control room.

Heat Loss

Anyone who knows the tiniest bit about outdoor survival knows that 90% of your bodyheat is lost through your head, so you would have thought a smaller head would have become predominant as big headed individuals died of exposure in harsh conditions...?